Method for source-related risk detection and alert generation

Abstract

A method and system for detecting a source-related risk and generating an alert concerning the source-related risk are disclosed. Criteria of the source-related risk are defined. Thresholds associated with the source-related risk are defined. Every operation on an object is detected. If an operation on an object satisfies a criterion among the criteria or if the operation causes to exceed a threshold among the thresholds, an alert is generated for the operation.

Description

BACKGROUND OF THE INVENTION[0001]1. Fields of the Invention[0002]The present invention generally relates to detecting a source-related risk. More particularly, the present invention relates to detecting a source-related risk during a development of an object.[0003]2. Description of the Prior Art[0004]With a trend of sharing and reusing, objects are composed of pre-existing materials or sub-objects created by a another person (e.g., a co-worker, a programmer working in a different company, etc.). This trend (i.e., sharing and reusing pre-existing materials) applies in software development. In a new software development, developers often leverage pre-existing materials (i.e., any material that has existed before a current development), such as open source code and a third party picture, with benefit of accelerating development progress, saving creation effort, or achieving good quality. However, leveraging pre-existing materials, especially pre-existing code, to the software developme...

AI Technical Summary

Benefits of technology

[0011]Moreover, in current software development projects, developers are often required at the end of software development to sign a “Certificate of Originality”(COO) stating which parts of the code of the software are their own creation, and which parts are from the Open Source or from other developers/authors. Due to a lack of an effective and reliable mechanism to maintain and track source information about code or due to a lack of an effective and reliabl

Problems solved by technology

However, leveraging pre-existing materials, especially pre-existing code, to the software development may also introduce source-related risks (i.e., a copyright issue, a licensing issue, a code pedigree (i.e., code coming from many different sources) issue).

An improper operation on source information of code increases a risk of code contamination, ownership and responsibilities, and increases a difficulty of sharing and reusing the code.

Because of the improper operations (e.g., deleting developer or author's information) on code, a use of pre-existing code, especially code in a public domain, always carries a high risk of code contamination, both in a form of bugs inadvertently created and in a form of virus or worms intentionally produced.

Because of the improper operations (e.g., deleting a copyright term), no matter by an accident or by an intention, during code development, developers may not be aware of a source-related risk or get any alert associated with the source-related risk, so that they have no confidence to share and reuse code.

However, the SCM tools have a limitation of recording source information only at the moment of the check-in / check-out.

That is, the SCM tools only check differences between a check-out version (i.e., code when being obtained) and a check-in version (i.e., code when being stored in a repository), so SCM tools do not check / trace all changes made between a check-out and a check-in.

Furthermore, the SCM tools do not detect any source-related risk such as a copyright issue.

Although Black Duck™ Software provides tools such as managing open source and assuring license compliance, Black Duck™ Software only focuses on content of an object (e.g., code) and does not focus on a wider scope including operations to the content (e.g., modifying code, deleting code, inserting new code).

However, Hailpern only tracks and records the source information but does not provide any determination (e.g., whether an operation on object causes a source-related risk) or does not generate an alert for a source-related risk.

However, the traditional tools do not collect information from operations on code (e.g., inserting new code, modifying code, deleting code, etc.) and from source information of the code (e.g., a copyright term of the code, a licensing term of the code, author or developer of the code, etc.).

Due to a lack of an effective and reliable mechanism to maintain and track source information about code or due to a lack of an effective and reliable mechanism to remind a developer a source-related risk during development, this process (i.e., a process obtaining originality information of each code) usually takes 1-2 months to complete, which is both burdensome and costly.

Without such a mechanism, people will be uncomfortable or unconfident to use the elements, which may violate copyrights, trademarks, licensing terms, etc.

Images